This bug completely prevents the installation of a secured POP3 service using Red Hat Linux 7.1 without using external packages. When I run /usr/sbin/ipop3d (from imap-2000) from the command line and give it the "STLS" command, which the RFC says starts TLS negotiation, I get the following response: +OK STLS completed Aborted (core dumped) ... and the process promptly dumps core. This happens with the prebuilt imap-2000 binary as well as with one built from the source RPM. Running the core through GDB gives limited stack information, since the binary was built without debugging: (gdb) where #0 0x401a85c1 in __kill () from /lib/libc.so.6 #1 0x401a833d in raise (sig=6) at ../sysdeps/posix/raise.c:27 #2 0x401a99a8 in abort () at ../sysdeps/generic/abort.c:88 #3 0x0805d443 in net_getbuffer () at eval.c:41 #4 0x080613be in auth_plain_server () at eval.c:41 #5 0x08061729 in auth_plain_server () at eval.c:41 #6 0x0804c588 in strcpy () at ../sysdeps/generic/strcpy.c:31 #7 0x40196e5e in __libc_start_main (main=0x804c194 <strcpy+276>, argc=1, ubp_av=0xbffffb4c, init=0x804b538 <_init>, fini=0x80a384c <_fini>, rtld_fini=0x4000d3c4 <_dl_fini>, stack_end=0xbffffb3c) at ../sysdeps/generic/libc-start.c:129
The problem exists in imap-2000c also: #/usr/sbin/ipop3d +OK POP3 imap1.gromco.com v2000.70rh server ready STLS +OK STLS completed Aborted (core dumped) #
You need to have valid SSL certificates configured before STLS will function. The new packages will migrate an stunnel.pem file automatically if one exists, or will create a self signed cert otherwise. This minimizes admin overhead, even though I do not consider this a bug per se. imap-2000c-10 generates certs by default in ssl enabled builds which makes this a non-issue.